kerberosV: memdup bug

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

kerberosV: memdup bug

Alexey Dobriyan-2
->components is unsigned int, so patch #1

Index: kerberosV/src/lib/asn1/der_copy.c
===================================================================
RCS file: /cvs/src/kerberosV/src/lib/asn1/der_copy.c,v
retrieving revision 1.3
diff -u -p -r1.3 der_copy.c
--- kerberosV/src/lib/asn1/der_copy.c 2003/05/11 03:40:00 1.3
+++ kerberosV/src/lib/asn1/der_copy.c 2006/03/12 21:11:59
@@ -62,6 +62,6 @@ copy_oid (const oid *from, oid *to)
     to->components = malloc(to->length * sizeof(*to->components));
     if (to->length != 0 && to->components == NULL)
  return ENOMEM;
-    memcpy(to->components, from->components, to->length);
+    memcpy(to->components, from->components, to->length * sizeof(*to->components));
     return 0;
 }


OTOH, copy_oid() is unused, so patch #2

Index: kerberosV//src/lib/asn1/der.h
===================================================================
RCS file: /cvs/src/kerberosV/src/lib/asn1/der.h,v
retrieving revision 1.1.1.2
diff -u -p -r1.1.1.2 der.h
--- kerberosV//src/lib/asn1/der.h 2003/05/11 02:15:36 1.1.1.2
+++ kerberosV//src/lib/asn1/der.h 2006/03/12 21:14:07
@@ -145,7 +145,6 @@ size_t length_generalized_time (const ti
 
 int copy_general_string (const general_string *from, general_string *to);
 int copy_octet_string (const octet_string *from, octet_string *to);
-int copy_oid (const oid *from, oid *to);
 
 int fix_dce(size_t reallen, size_t *len);
 
Index: kerberosV//src/lib/asn1/der_copy.c
===================================================================
RCS file: /cvs/src/kerberosV/src/lib/asn1/der_copy.c,v
retrieving revision 1.3
diff -u -p -r1.3 der_copy.c
--- kerberosV//src/lib/asn1/der_copy.c 2003/05/11 03:40:00 1.3
+++ kerberosV//src/lib/asn1/der_copy.c 2006/03/12 21:14:07
@@ -54,14 +54,3 @@ copy_octet_string (const octet_string *f
     memcpy(to->data, from->data, to->length);
     return 0;
 }
-
-int
-copy_oid (const oid *from, oid *to)
-{
-    to->length     = from->length;
-    to->components = malloc(to->length * sizeof(*to->components));
-    if (to->length != 0 && to->components == NULL)
- return ENOMEM;
-    memcpy(to->components, from->components, to->length);
-    return 0;
-}